Method in Madness - Targeted Cyberattacks Hit Azerbaijan

Organizations in Azerbaijan have become quite the target for cyberattacks for a few months now. One of the APT groups responsible for such attacks was found using the PoetRAT in its campaign.

Poetry in motion

  • The threat actors have set in motion several spear-phishing campaigns attempting to lure victims into downloading a malicious Word document.
  • These documents further download additional payloads via malicious macros in the Word doc. The campaigns are suspected to be a part of cyberespionage campaigns against the government. 
  • While the earlier versions PoetRAT deployed a Python interpreter, the latest version has switched to Lua script. 

Victimology

  • Previous campaigns have been focused on the energy sector, especially wind turbines.
  • The September and October campaigns are focused on the public sector and VIPs.

Other attacks on Azerbaijan

  • A few days back, the Azeri Navy sailors suffered a data breach. The file package, named Azerbaijan Navy 2020, was observed circulating Russian forums, containing 18,872 entries. The leaked data contained sailors’ full names, surnames, passport numbers, expiry dates, and DOB.
  • Plane Finder, a U.K.-based live flight tracking service, suffered massive DDoS attacks, disrupting its services temporarily. The attack is, allegedly, linked with the current conflicts faced by the country.  

The bottom line

Malware operators have been observed evolving their tactics to hack into sensitive targets. Moreover, the campaigns launched are increasingly efficient, where it is difficult to detect them because of the obfuscation techniques implemented. Thus, organizations in every sector should be aware of potential cyber threats and take suitable security measures.